Virtualization Technology News and Information
Q&A: Interview with Appcito's Siva Mandalam Talking Security Defense on Applications in the Cloud

Santa Clara-based startup, Appcito, has introduced new features to their Cloud Application Front-End (CAFE) software with version 1.8. The new release offers users the ability to set up secure environments customized to each application to stop rapidly expanding and differentiating attacks in public cloud environments, as well as provide automatic actions to secure vulnerabilities before they can be exploited. To find out more, I spoke with Siva Mandalam, the company's VP of products and strategy.

VMblog: Can you provide some background on Appcito as a company?

Siva Mandalam: Appcito is focused on transforming how cloud applications are deployed and operated. Appcito delivers cloud-based services that make it fast and easy to keep cloud applications performant, secure, available and always improving. Our cloud-native proxy-based service improves application delivery with a web-scale solution for load balancing, application security, continuous deployment and more. Innovative application teams rely on Appcito to make their applications hum, their users happy and their company succeed.

VMblog: What is the biggest difference between traditional security solutions and Cloud Application Front-End (CAFE) version 1.8?

Mandalam: Traditional security solutions are not effective in today's cloud environments due to the fact that attacks are shifting from targeting the network and infrastructure to targeting specific applications, which these security products are not focused on. Cloud dramatically increases the surface area of attacks, and to successfully protect against attacks a new proactive approach needs to be deployed that protects both the application and the cloud infrastructure it uses. The challenge is to provide effective web application protection, hardening, security against DDoS attacks, and seamless performance.

Appcito CAFE 1.8 provides virtual patching capabilities for a greater level of security than any other solution on the market while at the same time ensuring there is no disruption to mission-critical applications. Appcito CAFE 1.8 enhancements help to protect all parts of the applications in the cloud, from edge to the infrastructure and the application. New features include virtual patching, a user option to set rules for application security, enhanced Denial of Service (DoS) detection and protection, and daily monitoring and updates for Internet vulnerabilities.

VMblog: What is the main threat Appcito is addressing?

Mandalam: Appcito CAFE protects applications and ecommerce sites by providing security against OWASP vulnerabilities, delivering PCI compliance, enabling threat policies and analysis, and providing crowdsourcing capabilities to alert and instantly protect all applications against attack.

VMblog: How does Cloud Application Front-End (CAFE) work? And what are some of the key features?

Mandalam: Appcito CAFE 1.8 enhancements take a proactive approach that secures both the application and infrastructure it uses, for cloud applications. One of the biggest key features 1.8 CAFE introduces is virtual patching, a certified rule set, that protects against known attacks that target vulnerabilities in public software. Traditional patch management struggles to keep pace with identified vulnerabilities due to a variety of complexities that lie within the application, organizational culture and management itself. The sheer volume of new attack techniques to defend against in application software can be staggering, with new vulnerabilities publicly distributed each day and new sophisticated attack vectors published every week. By incorporating a "Virtual Patching" strategy, an organization can greatly improve efforts to reduce their organizational risk through quick remediation of vulnerabilities in web software. As the web interface has become the ubiquitous interface to cloud-based software, including Virtual Patching can decrease the risk from software vulnerabilities and provide overall better defenses across their technology environments. Virtual Patching implementation of CAFE enables rules to be broken out into the following attack categories:

  • SQL injection
  • cross-site scripting (XSS)
  • local file include
  • remote file include.

In addition, the implementation also includes a User option for application specific rules, covering the same vulnerability classes for applications such as:

  • Microsoft SharePoint
  • WordPress
  • cPanel
  • osCommerce
  • Joomla
  • Drupal
  • vBulletin.

Other key features include IP reputation, web-based malware detection, Webshell/Backdoor detection, Botnet attack detection, anti-virus scanning of file attachments and more.

VMblog: What else can we expect to see coming from Appcito?

Mandalam: We've recently introduced CAFE support for Azure, Docker and OpenStack, but expect to continue increasing our platform support this year. We are excited for what is ahead of us in the next few months and always looking for opportunities to expand our services and capabilities in order to support the growing business need of our customers.


Thanks again to Siva Mandalam, Appcito VP of products and strategy, for taking time out to speak with VMblog and answer a few questions.

Published Wednesday, July 22, 2015 6:29 AM by David Marshall